Saturday, September 01, 2018

U.S. Government Thinks China Is Using LinkedIn to Enlist American Spies

The U.S. government believes China is using fake
LinkedIn accounts to recruit American spies with government intel and
is calling on the company to help shut them down.

According to Reuters,
which broke the story Friday morning, intelligence and law
enforcement have placed pressure on LinkedIn, owned by Microsoft,
to thwart the budding espionage network. U.S. counter-intelligence
chief, William Evanina, is the source of the allegations and claims
to have warned the networking platform about China’s “super
aggressive” tactics on the site, including their mass-messaging of
thousands of users at a time.

...and if I wanted to sneak a spy into the US, I’d
do it through Canada.

All 1.7 million users of Air Canada’s mobile app
have had their passwords reset by the company following a security
breach which saw hackers compromise up to 20,000 accounts last week.

A security
notice published by the company explains that it detected
“unusual login behaviour” related to the smartphone Air Canada
app between August 22-24 2018, that may have seen 20,000 profiles
“improperly accessed.”

… The company says that credit and payment
card information was encrypted, and was not compromised in the
security breach.

However, victims who have had their passport
details stolen may face serious consequences, as fraudsters could use
the details to set up accounts with insurance firms, mobile phone
operators, banks and the like if they do not require sight of the
physical passport.

… There is also a risk that a fraudster could
use the stolen information to request a new physical passport.
However, Air Canada says that the Canadian government describes
that risk as “low” provided the genuine passport holder still
has physical ownership of the document.

BBC News, however, raises the issue that
Air Canada required account passwords to merely be between 6 and 10
characters, and could not contain symbols. That, in itself, goes
against the Canadian
government’s own password advice.

Just nailing down a small part of the remaining
fraction they don’t already know about us?

For the past year, select Google
advertisers have had access to a potent new tool to track whether the
ads they ran online led to a sale at a physical store in the U.S.
That insight came thanks in part to a stockpile of Mastercard
transactions that Google paid for.

But most of the two billion Mastercard
holders aren’t aware of this behind-the-scenes tracking. That’s
because the companies never told the public about the arrangement.

In a bid to crack down on the spread of fake news on
its platform, WhatsApp on Wednesday said it is rolling out radio
campaigns across various Indian states, asking people to check the
veracity of information received as a forward before they share it
with others.

“We want to tell the voters that we did
something. We don’t care if you can actually enforce the law.”

Becerra Rips Lawmakers for 'Unworkable' Provisions in New Data Privacy Law

California Attorney General Xavier Becerra lashed
out at lawmakers for imposing “unworkable obligations and serious
operational challenges” on his office by effectively making him the
chief enforcer of the state’s sweeping new data privacy law.

In an Aug.
22 letter to legislators who helped get the law
passed in June, Becerra complained that his office is not equipped to
handle all the related duties, including quickly drafting regulations
and advising businesses about compliance with the California Consumer
Privacy Act, or CCPA.

… Becerra also questioned the legality of the
civil penalties included in the new law, which he said improperly
modified the state’s Unfair
Competition Law, or UCL.

“The UCL’s civil penalty laws were enacted by
the voters through Proposition
64 in 2004 and cannot be amended through
legislation,” Becerra wrote.

… The tech giant announced
to developers on Thursday that all new apps as well as app
updates are required to have a privacy policy beginning October 3 of
this year. This applies to apps submitted both through Apple’s App
Store as well as TestFlight, a mobile app testing service owned by
Apple. Apple’s announcement notes that the privacy policy link or
text an [sic] only be edited when a developer submits the
latest version of their app.

… In the guidelines, Apple states that
developers must “clearly and explicitly” inform users what data
apps collect and how that data is used in their privacy policies,
confirming if there are third parties that can access that data.
Apple also states that apps that do collect data must ask for
consent, and that apps “should only request access to data relevant
to the core functionality of the app and should only collect and use
data that is required to accomplish the relevant task.”

We are pleased to announce the launch of our
Privacy Book Club! The FPF Privacy Book Club will provide members
with the opportunity to read a wide range of books — privacy, data,
ethics, academic works, and other important data relevant issues —
and have an open discussion of the selected literature.

The FPF Privacy Book Club will be held on the last
Wednesday of each month. A virtual conference dial-in will be sent
to book club members, which will include a video chat, phone line,
and an online chat. You can join the Privacy Book Club by
registering here.
Please feel free to share the sign up link with your friends and
colleagues who may be interested in participating.

The
first FPF Privacy Book Club will be held Wednesday, September 26,
2018, at 2:00 pm (EST).
We are excited to share that FPF Advisory Board member and author,
Professor Woodrow Hartzog, will be joining the discussion to
introduce his book, Privacy’s
Blueprint: The Battle to Control the Design of New Technologies,
and to answer a few questions. After hearing from Woody, we will
host an open discussion of the book for the remainder of the meeting.

To learn more
about FPF’s Privacy Book Club or to provide suggestions for future
readings, please contact Michelle Bae, FPF Berkower Memorial Fellow,
at mbae@fpf.org.

Sweden is regarded
as the poster child of cashless countries and is expected to become
the world’s first cashless society by March 2023. This means that
cash will not be a
generally accepted means of payment in Sweden.
This journey has been powered by various factors such as a robust
card payment system, strong internet infrastructure, a popular mobile
payment app, supportive legal framework and a cultural mistrust of
cash.

… We found that when
cash transactions fall below 7% of the total payment transactions, it
becomes more costly to manage cash than the marginal profit on cash
sales. When this happens, an economically rational retail
management should stop accepting cash.

This is possible in Sweden because even though
cash is a legal tender, contract laws have a higher precedence than
banking and payment laws here. If a store puts up a sign that it
does not accept cash, then you, as a customer, have entered a
contract or an agreement with that store that they don’t accept
cash.

Friday, August 31, 2018

Motherboard:
“…After more than a decade of headlines about the vulnerability
of US voting machines to hacking, it turns out the federal government
says it may not be able to prosecute election hacking under the
federal law that currently governs computer intrusions. Per a
Justice Department report issued in July from the Attorney
General’s Cyber Digital Task Force, electronic
voting machines may not qualify as “protected computers”
under the Computer
Fraud and Abuse Act, the 1986 law that prohibits unauthorized
access to protected computers and networks or access that exceeds
authorization (such as an insider breach)…”

[From the DoJ Report:]

The
principal statute used to prosecute hackers—the Computer Fraud and
Abuse Act (“CFAA”)—currently does not prohibit the act of
hacking a voting machine in many common situations. In general, the
CFAA
only prohibits hacking computers that are connected to the Internet
(or that meet other narrow criteria for protection). In many
conceivable situations, electronic voting machines will not meet
those criteria, as they are typically kept off the Internet.
Consequently, should hacking of a voting machine occur, the
government would not, in many conceivable circumstances, be able to
use the CFAA to prosecute the hackers. (The conduct could, however,
potentially violate other criminal statutes.)

… In a Microsoft
Tech Community blog post, the company writes that beginning
October 2, Office 365 Home will see their device
limits completely removed. That means instead of being
limited to installing the software on a total of 10 devices, it's now
an unlimited number of devices for both subscriber tiers.

Thursday, August 30, 2018

John H. Durham, United States Attorney for the
District of Connecticut, announced that GEORGE GAROFANO, 26, of North
Branford, was sentenced today by U.S. District Judge Victor A. Bolden
in Bridgeport to eight months of imprisonment, followed by three
years of supervised release, for engaging in a phishing scheme that
gave him illegal access to more than 200 Apple iCloud accounts, many
of which belonged to members of the entertainment industry.

According to court documents and statements made
in court, from April 2013
through October 2014, GAROFANO engaged in a phishing
scheme to obtain usernames and passwords for iCloud accounts.
GAROFANO admitted that he sent e-mails to victims that appeared to be
from security accounts of Apple and encouraged the victims to send
him their usernames and passwords, or to enter them on a third-party
website, where he would later retrieve them.

Liker, a Facebook Alternative for Liberals, Is Hive of False Claims About Trump

In the world of the anti-Trump Facebook
#Resistance, no one has a bigger soapbox than Omar Rivero, the
founder of the Occupy Democrats Facebook page.

Along with his brother Rafael, Rivero has amassed
7 million followers and an
estimated six figures in monthly ad revenue for the page
with viral-ready videos and infographics. In 2017, the Miami New Times
noted that Occupy Democrats has more influence on Facebook “than
virtually any other news source in America.”

But Rivero’s success has also brought attention
to Occupy Democrats’ relaxed attitude toward the truth. Occupy
Democrats has repeatedly been dinged by fact-checking sites for
posting exaggerated or invented news stories, earning several
“pants on fire” ratings from PolitiFact and amassing
a number of mentions on hoax-debunking site Snopes. Brooke
Binkowski, a journalist who covered Occupy Democrats as the managing
editor of Snopes, told The Daily Beast that the page’s headlines
were often “extremely misleading.”

I know some people who could have saved a lot of
money had this been the rule of the land a few years ago.

In this copyright action, we consider
whether a bare allegation that a defendant is the registered
subscriber of an Internet Protocol (“IP”) address associated with
infringing activity is sufficient to state a claim for direct or
contributory infringement. We conclude that it is not.

The case involved well known copyright trolling
lawyer Carl Crowell representing Cobbler Nevada LLC. As we discussed
in our article on the district
court decision, the actions in this case were particularly
nefarious. Crowell quickly learned that the IP address in question
belonged to an adult foster care home, but decided to go after the
operator, Thomas Gonzales, even though he was aware that any of the
many residents or staff may have actually been responsible for the
infringement. Gonzales (reasonably) refused to just cough up the
names and details of residents and staff without a court order, and
Crowell's response was just to go after Gonzales directly. But the
facts of this case made it especially easy for the lower court to
highlight how a mere IP address is not nearly enough to allege
infringement.

… The only connection between
Gonzales and the infringement was that he was the registered internet
subscriber and that he was sent infringement notices. To establish a
claim of copyright infringement, Cobbler Nevada “must show that
[it] owns the copyright and that
the defendant himself violated one or more of the plaintiff’s
exclusive rights under the Copyright Act.”
Ellison v. Robertson, 357 F.3d 1072, 1076 (9th Cir. 2004). Cobbler
Nevada has not done so.

Dyson is most definitely serious about its plans
to release
an electric vehicle. The company has outlined its proposed
second growth phase for its EV development facility at Hullavington
Airfield, and the plans are more than a little ambitious. Its
application would create more than 10 miles of test tracks around the
former base, including specialized tracks for hill and off-roading
tests. You'd also see more than 480,000 square feet of new
development space with room for 2,000-plus workers.

Students can stream Spotify, Hulu, and Showtime all for less than $5 a month

Listen to your favorite music, watch your favorite
shows, and catch up on a few series you couldn't watch before with
this expanded bundle from
Spotify that now includes Hulu and Showtime. Spotify first
teamed up with Hulu late last year to offer a similar service, but
Showtime is a new addition that doesn't add anything to the price.
That's a great combo of programs, especially if you don't have cable
but do have access to some high-speed Internet. You will need to
prove you're attending a Title
IV accredited institution to get the deal, so no fooling
the system.

The bundle includes a subscription to Spotify
Premium, Hulu with Limited Commercials, and Showtime streaming
services. The Hulu
subscription is regularly $7.99 a month by itself. Spotify
Premium is $9.99 and Showtime
is $10.99 a month when purchased directly. There are lots of ways to
get discounts on all of these services, but getting all three
together for $4.99 is nuts.

Twitter
this week announced the suspension of a total of 770 accounts for
“engaging in coordinated manipulation.”

The
suspensions were performed in two waves. One last week, when the
social networking platform purged 284 accounts, many of which
supposedly originated from Iran, and another this week, when 486 more
accounts were kicked for the same reason.

… The
report triggered reactions from large Internet companies, including
Facebook and Google. The former removed 652 pages, groups, and
accounts suspected of being tied to Russia and Iran, while the latter
blocked 39 YouTube channels and
disabled six Blogger and 13 Google+ accounts.

I
imagine rich neighborhoods will tweak the algorithm to keep more
people in jail. And if anyone released re-offends, “Hey! The
computer made me release him!”

… Under the California law those arrested and
charged with a crime won't be putting up money or borrowing it from a
bail bond agent to obtain their release. Instead, local
courts will decide who to keep in custody and whom to
release while they await trial. Those decisions will be based
on an algorithm created by the courts in each
jurisdiction.

Reminds me of the fight Phil Zimmermann had to
publish PGP software. Same law. Same chance of the government
keeping these files from terrorists – ZERO. After all, nothing
will keep terrorist groups from doing exactly what Cody Wilson did.

During what he called his first ever press
conference, Defense Distributed founder Cody Wilson announced Tuesday
that he would continue to comply with a federal court order
forbidding him from internationally publishing CAD
files of firearms. Wilson said he would also begin selling
copies of his
3D-printed gun files for a "suggested price" of $10 each.

The files, crucially, will be transmitted to
customers "on a DD-branded flash drive" in the United
States. Wilson also mentioned looking into customer email and secure
download links.

Previously, Defense Distributed had given the
files away for free, globally.

“This paper
investigates the link between social media and hate crime using
Facebook data. We study the case of Germany, where the recently
emerged right-wing party Alternative für Deutschland (AfD) has
developed a major social media presence. We show that right-wing
anti-refugee sentiment on
Facebook predicts violent crimes against refugees in
otherwise similar municipalities with higher social media usage. To
further establish causality, we exploit exogenous variation in major
internet and Facebook outages, which fully undo the correlation
between social media and hate crime. We further find that the effect
decreases with distracting news events; increases with user network
interactions; and does not hold for posts unrelated to refugees. Our
results suggest that social media can act as a propagation mechanism
between online hate speech and real-life violent crime.”

Center
for Data Innovation – “MIT Technology Review has
created a set of visualizations that uses data about Twitter activity
to illustrate the polarization of political discourse in the United
States. The visualizations include multiple cluster maps
demonstrating that accounts
that follow each other tweet similar content. In
addition, diagrams show that the
most partisan accounts, which include bot accounts that
tweet hundreds of times a day, tweet
significantly more than accounts in the political center.
The visualizations also show the polarization of Turkish and Russian
accounts.”

Tuesday, August 28, 2018

Personal data and booking information
from 13 hotels operated by Huazhu Hotels Group (华住酒店集团)
has reportedly been leaked in what could be the largest data breach
in China in five years, according
to Chinese cybersecurity media FreeBuf (in Chinese).

The
latest ESRA report from Mimecast indicates just why email attacks are
so loved by cybercriminals, and why organizations need to take email
security more seriously.

ESRA
is Mimecast's ongoing Email Security Risk Assessment quarterly
analysis. Working with 37 organizations across 20 different
industries, Mimecast compares the email threats it detects to those
detected by the organizations' incumbent email security technologies.
The results provide two major sets of statistics: the volume of
threats that go undetected by the incumbent technologies; and the
sheer size of the email threat.

The
latest report (PDF)
covers more than 142 million emails received by almost 261,924 users.
The incumbent email security was Office 365 and Proofpoint.

ESRA's
analysis shows that a total of
more than 19 million spam emails; 13,176 emails containing dangerous
file types; and 15,656 malware attachments were missed by the
incumbent security and delivered to users' inboxes. It
also discovered 203,000 malicious links within just over 10 million
emails that were delivered to inboxes – a ratio of around one
unstopped malicious link in every fifty inspected emails.

This
doesn't mean that the bad emails were effective, only that they were
delivered to their destination.

It’s a forensics technique that has
helped crack several cold cases. Across the country, investigators
are analyzing DNA and using basic genealogy to find relatives of
potential suspects in the hope that these “familial searches”
will lead them to the killer.

Familial searches led California
authorities to arrest Joseph James DeAngelo in the Golden State
Killer probe in April, and investigators have since used it to make
breakthroughs in several
other unsolved murder cases, including four in Washington state,
Pennsylvania, Texas and North Carolina.

But as these searches proliferate, they
are raising concerns about police engagement in “DNA dragnets”
and “genetic
stop and frisk” techniques. And as public DNA databases grow
and are accessed by law enforcement, investigators may soon have the
ability to track down nearly anyone, even people who never submitted
their genetic material for analysis.

Over time, it's become a widely accepted fact that
Amazon
has pushed retail prices lower.

The company's offerings are so diverse that they
can afford to sell many products at razor-thin margins, then make up
for it in other, less competitive areas.

In the process, Amazon forces other retailers to
lower their prices, putting pressure on their bottom lines.
And, in many cases, it's forced these competitors to permanently
alter their pricing strategies.

The paper, written by associate professor Alberto
Cavallo and presented at the Kansas City Fed's annual symposium,
looks at how these two measures have changed over the past decade.

Cavallo finds that the Amazon effect has
streamlined retail pricing and forced companies to be more adaptable
to conditions. Further, as a byproduct of that, he notes that
pricing has become more uniform across locations.

… Elsewhere in his paper, Cavallo breaks down
how the Amazon effect is impacting the Federal
Reserve. After all, consumer price inflation is arguably the
most important piece of the central bank's monetary policy — and
the rate at which it's planning to hike interest rates.

… Cavallo sums it all up nicely in his study:

"Retail prices are becoming less 'insulated'
from these common nationwide shocks," he said. "Fuel
prices, exchange-rate fluctuations, or any other force affecting
costs that may enter the pricing algorithms used by these firms are
more likely to have a faster and larger impact on retail prices than
in the past."

Regulatory uncertainty and trust are major
barriers to blockchain
adoption among businesses, according to a study
released August 27 by ‘Big Four’ auditing firm
PricewaterhouseCoopers
(PwC).

… According to the study, four in five
executives worldwide, which represent 84
percent of respondents, have blockchain initiatives in progress,
25 percent of which have fully live blockchain implementations or
launched pilot projects.

46 percent of respondents identified the financial
sector as the leader in terms of blockchain development in the next
three to five years. Respondents also identified sectors with
emerging potential for the same period of time as energy
and utilities (14 percent), healthcare (14 percent), and industrial
manufacturing (12 percent).

If you want to send friends custom emoji using
Gboard, you can either tap into your Bitmoji
sticker collection... or use the keyboard's latest feature. Google
has launched "Mini" stickers for iOS and Android, which use
machine learning to craft personalized emoji from your photo. More
precisely, the feature uses a combination of machine learning, neural
networks and artist illustrations to conjure up the best
representation of you, taking into account various characteristics
like your skin tone, hair color and style, eye color, face shape and
facial hair. Just access Mini from within Gboard and start the
creation process by taking a selfie. It
will then automatically create your avatar and generate packs of
stickers you can use.

Last
night subscribers to the Practical
Ed Tech Newsletter were sent copies of the 2018-19 Practical
Ed Tech Handbook. This annual publication is a free, 36 page PDF
that highlights my favorite educational technology sites and apps.

The
Practical Ed Tech Handbook is organized into nine sections.
Those sections are:

Monday, August 27, 2018

A report
for the Center for Strategic and International Studies looks at
surprise and war. One of the report's cyberwar scenarios is
particularly compelling. It doesn't just map cyber onto today's
tactics, but completely re-imagines future tactics that include a
cyber component (quote starts on page 110).

The U.S. secretary of defense had
wondered this past week when the other shoe would drop. Finally, it
had, though the U.S. military would be unable to respond effectively
for a while.

The scope and detail of the attack, not
to mention its sheer audacity, had earned the grudging respect of the
secretary. Years of worry about a possible Chinese "Assassin's
Mace" -- a silver bullet super-weapon capable of disabling key
parts of the American military -- turned out to be focused on the
wrong thing.

The cyber attacks varied. Sailors
stationed at the 7th Fleet's homeport in Japan awoke one day to find
their financial accounts, and those of their dependents, empty.
Checking, savings, retirement funds: simply gone. The Marines based
on Okinawa were under virtual siege by the populace, whose simmering
resentment at their presence had boiled over after a YouTube video
posted under the account of a Marine stationed there had gone viral.
The video featured a dozen Marines drunkenly gang-raping two teenaged
Okinawan girls. The video was vivid, the girls' cries
heart-wrenching, the cheers of Marines sickening. And all of it fake.
The National Security Agency's initial analysis of the video had
uncovered digital fingerprints showing that it was a
computer-assisted lie, and could prove that the Marine's account
under which it had been posted was hacked. But
the damage had been done.

There was the commanding officer of
Edwards Air Force Base whose Internet browser history had been posted
on the squadron's Facebook page. His command turned on him as a
pervert; his weak protestations that he had not visited most of the
posted links could not counter his admission that he had, in fact,
trafficked some of them. Lies mixed with the truth. Soldiers at
Fort Sill were at each other's throats thanks to a series of text
messages that allegedly unearthed an adultery ring on base.

The variations elsewhere were endless.
Marines suddenly owed hundreds of thousands of dollars on credit
lines they had never opened; sailors received death threats on their
Twitter feeds; spouses and female service members had private
pictures of themselves plastered across the Internet; older service
members received notifications about cancerous conditions discovered
in their latest physical.

Leadership was not exempt. Under the
hashtag #PACOMMUSTGO a dozen women allegedly described harassment by
the commander of Pacific command. Editorial writers demanded that,
under the administration's "zero tolerance" policy, he step
aside while Congress held hearings.

There was not an American service member
or dependent whose life had not been digitally turned upside down.
In response, the secretary had declared "an operational pause,"
directing units to stand down until things were sorted out.

Then, China had made its move, flooding
the South China Sea with its conventional forces, enforcing a sea and
air identification zone there, and blockading Taiwan. But the
secretary could only respond weakly with a few air patrols and
diversions of ships already at sea. Word was coming in through back
channels that the Taiwanese government, suddenly stripped of its most
ardent defender, was already considering capitulation.

Bill Gates – Not enough people are paying attention to this economic trend

Gates
Notes: The Blog of Bill Gates – “The portion of the world’s
economy that doesn’t fit the old model just keeps getting larger.
That has major implications for everything from tax law to economic
policy to which cities thrive and which cities fall behind, but in
general, the rules that govern the economy haven’t kept up. This
is one of the biggest trends in the global economy that isn’t
getting enough attention…the brilliant new book Capitalism
Without Capital by Jonathan Haskel and Stian Westlake is
about as good an explanation as I’ve seen. They start by defining
intangible assets as “something you can’t touch.” It sounds
obvious, but it’s an important distinction because intangible
industries work differently than tangible industries. Products you
can’t touch have a very different set of dynamics in terms of
competition and risk and how you value the companies that make them…

“…What the book reinforced for me is that
lawmakers need to adjust their economic policymaking to reflect these
new realities. For example, the tools many countries use to measure
intangible assets are behind the times, so they’re getting an
incomplete picture of the economy. The U.S. didn’t include
software in GDP calculations until 1999. Even today, GDP doesn’t
count investment in things like market research, branding, and
training—intangible assets that companies are spending huge amounts
of money on. Measurement isn’t the only area where we’re falling
behind—there are a number of big questions that lots of countries
should be debating right now. Are trademark and patent laws too
strict or too generous? Does competition policy need to be updated?
How, if at all, should taxation policies change? What
is the best way to stimulate an economy in a world where capitalism
happens without the capital? We need really smart
thinkers and brilliant economists digging into all of these
questions. Capitalism Without Capital is the first book
I’ve seen that tackles them in depth, and I think it should be
required reading for policymakers. It took time for the investment
world to embrace companies built on intangible assets. In the early
days of Microsoft, I felt like I was explaining something completely
foreign to people. Our business plan involved a different way of
looking at assets than investors were used to. They couldn’t
imagine what returns we would generate over the long term…”

While the SFE’s purview is “science fiction”
broadly conceived, its articles have warring impulses. On the one
hand, they aim to educate.
Within these pages, you’ll find explanations of numerous literary
tropes, both those well-known (the generation
starship used in many tales of space exploration) and those more
obscure (a jonbar
point, or the small, seemingly insignificant moment that proves
to be the difference between two alternate histories, in time-travel
stories). But when the entry on Gene
Wolfe declares that he is “quite possibly” science fiction’s
most important writer, no shy excuse for this partiality follows.
More than informative, this encyclopedia enthuses, anoints, or
dismisses. What it has to say about Joanna
Russ, Octavia
Butler, Kim
Stanley Robinson, and J.G.
Ballard is aimed squarely at canons and reputations. The SFE
quarrels its way into being encyclopedic…”

I won't dance, don't ask me
I won't dance, don't ask me
I won't dance, madam, with you
I won't dance. Why should I?
I won't dance. How could I?
I won't dance, merci beaucoup

Deepfakes for dancing: you can now use AI to fake those dance moves you always wanted

Artificial intelligence is
proving to be a very capable tool when it comes to manipulating
videos of people. Face-swapping deepfakes
have been the most visible example, but new applications are being
found every day. The latest? Call it deepfakes for dancing. It
uses AI to read someone’s dance moves and copy them on to a target
body.

Sunday, August 26, 2018

How an international hacker network turned stolen press releases into $100 million

… Newswires like Business
Wire are clearinghouses for corporate information, holding press
releases, regulatory announcements, and other market-moving
information under strict embargo before sending it out to the world.
Over a period of at least
five years, three US newswires were hacked using a variety
of methods from SQL injections and phishing emails to data-stealing
malware and illicitly acquired login credentials. Traders who were
active on US stock exchanges drew up shopping lists of company press
releases and told the hackers when to expect them to hit the
newswires. The hackers would then upload the stolen press releases
to foreign servers for the traders to access in exchange for 40
percent of their profits, paid to various offshore bank accounts.
Through interviews with sources involved with both the scheme and the
investigation, chat logs, and court documents, The Verge has
traced the evolution of what law enforcement would later call one of
the largest securities fraud cases in US history.

Even the smartest Computer Security manager will
have problems with “stupid.”

Somewhere in Western Australia, a
government IT employee is probably laughing or crying or pulling
their hair out, or maybe all of the above. A security audit of the
Western Australian government released this week by the state’s
auditor general found that 26
percent of its officials had weak, common passwords —
including more than 5,000 including the word “password” out of
234,000 in 17 government agencies.

The legions of lazy passwords were
exactly what you — or a thrilled hacker — would expect: 1,464
people went for “Password123” and 813 used “password1.”
Nearly 200 individuals simply used “password,” perhaps never
changing it to begin with. Almost 13,000 used variations of the date
and season, and almost 7,000 included versions of “123

Facebook's pledge
to "spark conversations and meaningful interactions"
apparently extends to Instagram. The photo-sharing app has started
testing a feature designed to bring college students going to the
same university together in a virtual community. According to CNBC,
the Facebook-owned company is inviting select users to join groups
for their schools based on the accounts they follow, their
connections and their public posts. If someone who got invited
chooses to try it out, they have to opt in by choosing their
university and graduating year from a set of predetermined choices.

This is subtle, but most of Scott Adams’ Dilbert
cartoons have reflected his opinion of President Trump. Just change
the words ‘first draft’ to any current Trump topic…

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.